For example, the account "MardetanhA" was created, which is obviously very close to "Mardetanha" -- this is despite that the original account existed locally prior to the spoof being created (on mywiki):
- MardetanhA (Created on 17 June 2009 at 22:07)
- Mardetanha (Created on 2 June 2008 at 19:00)
Ideally, AntiSpoof would check against the CentralAuth database in addition to the local user list, but in this case, even a local check would have been sufficient. That's bug 15545.
Unless the extension is disabled or otherwise non-functional, it seems that the rules used to detect similarity are pretty bad (a case change should be utterly trivial, and more complex matching at a high quality is desperately needed).
This may be related to bug 18447?